Skip to main content

SSL/TLS Server Certificate Installation Guide for F5 BIG IP 13.x and Higher

Summary

This guide walks you through installing an SSL/TLS Server Certificate for F5 BIG IP 13.x and higher


SSL/TLS Certificate Installation Guide for F5 BIG IP 13.x and Higher

NOTE:
As of November 12, 2024, Entrust introduced a new TLS certificate hierarchy as part of the deployment. The TLS certificate delivery now includes two certificate chains. The delivery of these certificate chains can be in the form of:

  • Individual files. Intermediate 1 (filename: intermediate1.crt ) and Intermediate 2 (filename: intermediate2.crt ) or
  • Concatenate PEM file (filename: CertificateBundle1.pem/CertificateBundle2.pem ) or
  • P7B format file (filename: Certificatebundle.p7b )

Both intermediate/chain certificates must be installed in your environment.

Installation is in two parts:

  1. Install the Chain/Intermediate Certificate
  2. Install the Server Certificate

Part 1:  Install the Chain/Intermediate Certificate

  1. Launch the F5 BIG-IP web GUI
  2. On the main tab, expand System
  3. Go to Certificate Management > Traffic Certificate Management > SSL Certificate List to display the list of existing certificates:
  4. In the upper right corner, click Import
  5. In theImport Typedropdown list, select Certificate
  6. In the Certificate Name field, enter EntrustChain
  7. In the Certificate Source box, browse to the location of the ChainBundle1.crt file
  8. Click Import
  9. The new certificate appears in the list.

Part 2: Install the Server Certificate

  1. Go back to System > Certificate Management > Traffic Certificate Management > SSL Certificate List to display the list of existing certificates
  2. Click the name assigned to the private key file when creating your Certificate Signing Request.
  3. Click Import
  4. In the Certificate Source box, browse to the location of the ServerCertificate.crt file that you downloaded, then click Import
  5. The Server Certificate and Key should now appear in the list.
  6. On the main tab of the F5 BIG-IP interface, expand Local Traffic and then click Profiles
  7. In the top menu bar, select Client from the SSL dropdown list
  8. Create a new SSL Profile by clicking Create , or open an existing SSL profile that has already been set up
  9. In the Configuration dropdown list, select Advanced
  10. In the Configuration section, select the Custom checkbox
  11. Click Add
  12. Under Certificate , select your Server Certificate--it will appear with the same friendly name as the private key
  13. In the Key dropdown list, select the name of the key that was generated when you requested your certificate
  14. In the Chain dropdown list, select EntrustChain, which was imported in Part 1 above
  15. Click Add
  16. Your certificate appears in the Certificate Key Chain text box
  17. Scroll down and then click Finished

Your SSL/TLS certificate should now be installed.

Check that your certificate has been successfully installed by testing it on the Entru